Undocumented permissions needed for "ensure image exists" check #48
Comments
|
Hey @tmyhu , I am also configuring I know this is months before, but I wanted to take a shoot, this is dragging me from fully testing Yatai. Thanks! |
|
Hi @lurecas , for ECR I had to add the I don't think that is applicable for you with GCR though, just looking at the yatai docs again it seems like for GCR you need to fill out the Helm values under P.S. Since you are at the testing stage, you may be interested to know that one of the people at Bento told me on Slack that they plan to deprecate and discontinue Yatai, so I've abandoned our evaluation. |
|
Thanks @tmyhu, after banging my head to the wall for several hours, I managed to fix it. The error was not very clear, but the root cause was the authentication with GCR. I created the secret incorrectly, I encoded the service account file but I did not need to.
Ok, that's a little bit disheartening 😓 . Was this posted in a public channel or was in a direct message? Thanks for sharing this info. Let me ask you one more thing, have you evaluated another replacement for BentoML/Yatai? We are currently looking for alternatives to our "custom" MLflow based architecture, and we are doubting if we should go "full vendor locking" with something like VertexAI or SageMaker or try to adopt BentoML (well, the Yatai integration was one of the main draws of Bento, so I don't know) |
|
You can successfully complete this configuration according to the official Yatai documentation, which means first downloading the JSON file from GCR, and then using the content of the JSON file as the password for docker registry. |
|
According to Google's documentation, the docker registry username is
|
|
Thanks for jumping in @yetone , I finally made it work. Probably it was my fault, I had some problems fully understanding this authentication method. Since google is deprecating Container Registry in May, do you folks intend to support Artifact Registry instead? |
|
The configuration methods for Artifact Registry and Container Registry are exactly the same, there is no difference at all, please feel free to configure. |
|
@lurecas It was a private message so not sure about public comms.
Yes, we've evaluated KServe and Ray and will be going with Ray though both seemed like very valid options for us. |
After installing yatai-image-builder 1.2.12 according to the documentation for ECR and creating a BentoRequest, I get this error in the logs:
The documentation only mentions permissions that need to be configured for
yatai-image-builder-podserviceaccount inyatainamespace. After adding the same permissions foryatai-image-builderserviceaccount inyatai-image-buildernamespace the error is resolved.It would be great to have that documented with the minimum permissions needed for
yatai-image-builder.The text was updated successfully, but these errors were encountered: